Trust management framework for attenuation of application layer DDoS attack in cloud computing

Abstract

There is a new breed of denial-of-service attacks intended to misuse resources and drive up the cost of cloud computing. Although the impact is less widespread than a traditional Network layer DDoS. Crashing a server is not always easy in the cloud because additional resources can be made available as needed to support sharp spikes in demand. However those resources are not free and an attack could make it economically prohibitive to keep the attacked cloud or its services running. In this paper, we propose a Trust Management Framework as a partial solution to this problem. It is a lightweight mitigation mechanism that uses trust to differentiate legitimate users from attackers. The trust is evaluated on the basis of clients' visiting history, and used to schedule the service to their requests to access cloud. It uses a new feature called a license (composed of three parameters; client ID, IP address of the client, and computed Trust), for user identification (even beyond NATs) and store the trust information at clients. The license is cryptographically secured against forgery or replay attacks. © 2012 IFIP International Federation for Information Processing.